Normal POP mail sessions, by their very nature, are insecure. The password goes
across the network in cleartext for everyone to see. Now, this may be perfectly
acceptable in a trusted or firewalled environment. But on a public network,
such as a university or your run-of-the-mill ISP, anyone armed with a simple
network sniffer can grab your password right off the wire. This is compounded
by the fact that many people set their computers to check for mail at regular
intervals, so the password is sent out quite frequently, which makes it easy to
sniff.

With this password, an attacker can now access your email account, which may
have sensitive or private information. It is also quite common that this
password is the same as the user's shell account, so there is the possibility
for more damage.

By doing all POP traffic using an encrypted channel, nothing goes in
cleartext over the network. We can use ssh's diverse methods of authentication,
instead of a simple plaintext password. That is the real point of using this
method: not because we get encrypted content (which is futile at this point,
since it's probably gone unencrypted over several networks already before
reaching your mailbox; securing those communications is the job of GNU Privacy
Guard or PGP, not ssh), but the secure authentication.

There are other methods of achieving secure authentication already, such as
APOP, KPOP, and IMAP. However, using ssh has the advantage that it works with
normal POP configurations, without requiring special client (not all mail
clients support advanced protocols) or server support (except for sshd running
on the server). You mail provider may be unable or unwilling to use a more
secure protocol. Besides, by using ssh you can compress the traffic too, which
is a nice little extra for people with slow connections.